最近从大佬手里收来一台死海网络的美西GIA小鸡,一顿操作改ssh端口放高位端口防火墙,然后机器就连不上了
折腾几次后,getenforce查询selinux状态是Enforcing,于是setenforce 0关闭后又是一顿操作,结果1分钟后又失联了
然后我思考一二,再次重装(不得不说死海家重装挺快,1分钟不到),systemctl status firewalld查看防火墙状态,虽然在运行,却发现:
网卡配置读取不到,权限不足:
ERROR: Failed to load '/etc/sysconfig/network-scripts/ifcfg-eth0': [Errno 13] Permission denied: '/etc/sysconfig/network-scripts/ifcfg-eth0'
ERROR: Calling post func <function 0x7fc8c0de7aa0="" at="" ifcfg_set_zone_of_interface="">(('', 'eth0')) failed: [Errno 13] Permission denied: '/etc/sysconfig/network-scripts/ifcfg-eth0'</function>
通过查询
ls -lZd /etc/sysconfig/network-scripts
ls -lZd /etc/sysconfig/network-scripts/ifcfg-eth0
发现网卡配置文件状态未标记: unlabeled_t
修复方法:
yum install policycoreutils-python
semanage fcontext -a -t net_conf_t /etc/sysconfig/network-scripts/ifcfg-eth0
restorecon -R /etc/sysconfig/network-scripts/ifcfg-eth0
systemctl restart firewalld.service然后再次查询
ls -lZd /etc/sysconfig/network-scripts/ifcfg-eth0发现已经标记好了
net_conf_tsystemctl status firewalld 查看防火墙状态也正常了
这样我们又可以愉快地修改ssh端口,更新firewalld放行端口各种设置了
